while gsub!

[ryemcdonald]

Is there a *better* way to perform multiple substitutions to a string
than this?

string = '/../../....//........////../../etc/passwd'

while string.gsub!(/\.\.\//,'')
end

it's working as is, but seems odd to me to have an empty loop.. I'm
just playing with the TCPServer class..


#!/usr/bin/ruby
require 'socket'

port = 80
listen = '0.0.0.0'
header = "HTTP/1.1 200/OK\r\nContent-type: text/html\r\n\r\n"

httpd = TCPServer.new(listen, port)
while session = httpd.accept
request = session.gets
address = session.addr[3]
puts "#{address} #{request}"
askfile = request.scan(/GET (.*) HTTP/).to_s
while askfile.gsub!(/\.\.\//,'')
end
reqfile = '/var/www' + askfile
reqfile += 'index.html' if reqfile == '/var/www/'
if File.exists?(reqfile)
file = File.new(reqfile, 'r')
output = file.readlines
file.close
else
output = '<html><head><title>Not Found</title></head><body>'
output += "<h2>Unfortunately, \"#{askfile}\" does not exist on
this server..</h2>"
output += '<p>perhaps you need more fortune:</p>'
output += "<hr /><p>#{`/usr/games/fortune`}</p><hr />"
output += '</body></html>'
end
session.print header
session.print output
session.close
end

 

[Marcel Molina Jr.]

Is there a *better* way to perform multiple substitutions to a string
than this?

string = '/../../....//........////../../etc/passwd'

while string.gsub!(/\.\.\//,'')
end

irb(main):001:>> string = '/../../....//........////../../etc/passwd'
=> "/../../....//........////../../etc/passwd"
irb(main):002:0> File.expand_path(string)
=> "/etc/passwd"

marcel

 

[ryemcdonald]

irb(main):001:>> string = '/../../....//........////../../etc/passwd'
=> "/../../....//........////../../etc/passwd"
irb(main):002:0> File.expand_path(string)
=> "/etc/passwd"

marcel

that's great! thank you